I'm attempting to use mod_wsgi for Authen (Digest) only. Once Authen is
complete, all other scripts in the Apache directories will be served as
CGIs or static files (or mod_proxy will pass the request on).

At present (with the configs below) the WSGI (Digest) authentication script
is being executed and is returning a hex-digest of an md5 sum of
'user:pass:realm' (we can see this in the logs and code is provided below);
however, Apache is presenting the user with the login form each and every
time authentication is successfully completed.

Some things to note: The password (in this case) isn't a password at all.
It is an encrypted cookie that is found in the HTTP_COOKIE variable. The
process of validating that cookie is to send it over TCP to a proprietary
Java validation process.

Can anyone see (in the configs and code below) where I have missed telling
Apache that the Authentication was successful?

CONFIG httpd.conf:
<LocationMatch "^/private/">
    Options Indexes FollowSymLinks ExecCGI
    AuthType Digest
    #REALM PrivateArea
    AuthName PrivateArea
    AuthDigestProvider wsgi
    WSGIAuthUserScript /sites/www-python/lib/auth/plugin.py
    Require valid-user
    RewriteRule .* - [E=PROXY_USER:%{LA-U:REMOTE_USER},NS]
    RequestHeader set X-WEBAUTH-USER "%{PROXY_USER}e"
</LocationMatch>

CODE plugin.py:
import hashlib
import http.cookies

# writelog, findSession, verifyCookie and writeSession are helpers that
# are not shown in the post.

def get_realm_hash(environ, user, realm):
    # Called by mod_wsgi for AuthDigestProvider wsgi; returns a hex digest
    # for the user, or None to reject.
    C = http.cookies.SimpleCookie()
    C.load(environ.get('HTTP_COOKIE', ''))
    if 'rocacheauth' not in C:
        writelog("cookie not present")
        return None
    cval = C['rocacheauth'].value
    port = 2500
    writelog(f"cookie value: {cval}")
    userdata = findSession(cval)  # look on disk for saved session
    if userdata:
        return digest(userdata, realm)
    writelog("session not found")
    userdata = verifyCookie(cval, port=port)
    if userdata:
        writeSession(cval, userdata)  # save to disk
        return digest(userdata, realm)
    writelog("session not validated")
    return None

def digest(userdata, realm):
    # Hex MD5 of '<user>:barkbark:<realm>', as described in the post
    hasher = hashlib.md5()
    uname = userdata[5]
    ustr = f'{uname}:barkbark:{realm}'
    writelog(f"validated user:{uname}")
    hasher.update(ustr.encode('UTF-8'))
    dgest = hasher.hexdigest()
    writelog(f"digest :{dgest}")
    return dgest

LOG1 OUTPUT:
# (user does not have a saved session on disk)
# login form is presented
2021-06-14 17:28:19,326 - authn_plugin - INFO - validated user:nv596r
2021-06-14 17:28:19,327 - authn_plugin - INFO - digest :7159b4ae7e3c2bd736dcf7c9c03d8e64
# login form is presented AGAIN
LOG2 OUTPUT:
# (user does have a saved session on disk):
# login form is presented
2021-06-14 17:47:54,318 - authn_plugin - INFO - Session Located nv596r
2021-06-14 17:47:54,318 - authn_plugin - INFO - validated user:nv596r
2021-06-14 17:47:54,319 - authn_plugin - INFO - digest :9633784b6851713b93506f3201fd53b9
# login form is presented AGAIN
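
Added example (not part of the original post and not mod_wsgi or Apache code): a sketch of the RFC 2617 check that consumes the value a digest provider such as get_realm_hash returns, showing which hashes pass and which cause the 401 challenge to repeat. The user name, typed secret, URI and nonce are constructed sample values, and server_accepts is a hypothetical stand-in for the server-side comparison.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(user, realm, password):
    # RFC 2617 fixes the field order: username ":" realm ":" password
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    # What the browser sends in the response= field when qop=auth
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_accepts(provider_hash, client_response, req):
    # Hypothetical stand-in for the server-side check: recompute the response
    # from the provider's hash and compare it with the one the client sent.
    if provider_hash is None:          # provider returned None: unknown user
        return False
    expected = digest_response(provider_hash, **req)
    return hmac.compare_digest(expected, client_response)

def demo():
    # Constructed sample request; only the realm name is taken from the post.
    user, realm, typed = "alice", "PrivateArea", "constructed-password"
    req = dict(method="GET", uri="/private/index.html",
               nonce="constructed-nonce", nc="00000001", cnonce="0a4f113b")
    # The browser derives its response from what the user typed at the prompt.
    client_response = digest_response(ha1(user, realm, typed), **req)

    candidates = {
        "user:realm:password": ha1(user, realm, typed),
        "user:password:realm": md5_hex(f"{user}:{typed}:{realm}"),
        "different secret": ha1(user, realm, "some-other-value"),
        "provider returned None": None,
    }
    return {name: server_accepts(h, client_response, req)
            for name, h in candidates.items()}

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:24} -> {'accepted' if ok else 'rejected (401 again)'}")
```

Only a hash built as user:realm:password from the same secret the browser used reproduces the client's response; every other return value is indistinguishable from a wrong password.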